<?php
    require "../init.php";

    if(empty($_SESSION['admin'])){
        admin_redirect("请登录",3,ADMIN_ROOT_URL . "login.php");
        die;
    }

    $act = $_GET["act"];


    if($act == "edit"){
        //查看表单元素是否有空的
        foreach($_POST as $item){
            if(empty($item)){
                admin_redirect("表单元素不能为空", 3 );
                die;
            }
        }

        $name = $_POST['name'];
        $id = $_POST['id'];
        $tel = $_POST['tel'];
        $email = $_POST['email'];

        //用户名规范验证
        $regex_name = '/^[a-zA-Z]\w{3,14}$/';
        if(!preg_match($regex_name, $name)){
            admin_redirect("用户名格式不正确");
            die;
        }

        //验证手机号
        $regex_tel = '/^1\d{10}$/';
        if(!preg_match($regex_tel, $tel)){
            admin_redirect("手机号格式不正确");
            die;
        }

        //验证邮箱
        $regex_email = '/^([a-zA-Z0-9_-])+@([a-zA-Z0-9_-])+(.[a-zA-Z0-9_-])+$/';
        if(!preg_match($regex_email, $email)){
            admin_redirect("邮箱格式不正确");
            die;
        }

        //准备sql语句,查询该用户是否已存在
        $sql = "select id from ". PRE . "user where name = '" . $name . "' and id != $id limit 1";

        // 执行sql语句
        $result = getRow($link, $sql);


        //判断该用户是否已存在
        if($result){
            admin_redirect("该用户名已存在");
            die;
        }

        //准备sql更改数据库
        $sql = "update ". PRE . "user set name = '" . $name ."', tel = '" . $tel ."',
        email = '" . $email ."' where id = '" . $id ."'";
        //执行sql语句
        $result = execute($link, $sql);
        if($result){
            admin_redirect("修改用户成功",3,ADMIN_ROOT_URL . "user/index.php");
            die;
        }else{
            admin_redirect("修改用户失败");
            die;
        }
    }elseif($act == "del"){
        $type = $_SESSION['admin']['type'];
        //0是超级管理员,1是普通管理员
        if($type != 0){
            admin_redirect("您的权限不足,不能进行该操作");
            die;
        }
        //获得要删除用户的id
        $id= $_GET['id'];

        //准备sql语句
        $sql = "delete from ".PRE."user where id = '".$id."'";
        //执行sql语句
        $result = execute($link, $sql);
        //处理结果
        if($result){
            admin_redirect('删除成功',3,ADMIN_ROOT_URL."user/index.php");
            die;
        }else{
            admin_redirect('删除失败');
            die;
        }
    }elseif($act == "add"){
        //查看表单元素是否有空的
        foreach($_POST as $item){
            if(empty($item)){
                admin_redirect("表单元素不能为空", 3 );
                die;
            }
        }

        $name = $_POST['name'];
        $pwd = md5($_POST['pwd']);
        $tel = $_POST['tel'];
        $email = $_POST['email'];

        //用户名规范验证
        $regex_name = '/^[a-zA-Z]\w{3,14}$/';
        if(!preg_match($regex_name, $name)){
            admin_redirect("用户名格式不正确");
            die;
        }

        //验证手机号
        $regex_tel = '/^1\d{10}$/';
        if(!preg_match($regex_tel, $tel)){
            admin_redirect("手机号格式不正确");
            die;
        }

        //验证邮箱
        $regex_email = '/^([a-zA-Z0-9_-])+@([a-zA-Z0-9_-])+(.[a-zA-Z0-9_-])+$/';
        if(!preg_match($regex_email, $email)){
            admin_redirect("邮箱格式不正确");
            die;
        }

        //准备sql语句,查询该用户是否已存在
        $sql = "select id from ". PRE . "user where name = '" . $name . "' limit 1";
        // 执行sql语句
        $result = getRow($link, $sql);


        //判断该用户是否已存在
        if($result){
            admin_redirect("该用户已存在");
            die;
        }

        //准备sql语句,向数据库中添加用户
        $sql = "insert into " . PRE . "user (name, pwd, tel, email,create_time) values
    ('".$name."', '".$pwd."', '".$tel."', '".$email."', '".DATE."')";

        //执行sql语句
        $result = execute($link, $sql);

        if($result){
            admin_redirect("添加用户成功",3,ADMIN_ROOT_URL . "user/index.php");
            die;
        }else{
            admin_redirect("添加用户失败");
            die;
        }

    }




?>